<?php
    function get_users(){
        $users = Array();
        $sql_result = DB::query("SELECT id, username, permissions FROM users");
        while($result = DB::row($sql_result)){
            list($user['id'], $user['username'], $user['permissions']) = $result;
            $users[] = $user;
        }
        return $users;    
    }
    
    function get_user_by_username($username){
        $username = mysql_escape_string($username);
        $sql_result = DB::query(sprintf(
                "SELECT id, username, password, permissions FROM users WHERE username='%s'",
                $username
        ));
        $result = DB::row($sql_result);
        list($user['id'], $user['username'], $user['permissions']) = $result;
        if($user['id'] == '')
            return null;
        return $user;
    }
    
  
    function changePassword(){
        global $user;
        
        if($_POST['newPassword'] != $_POST['newPasswordRepeated']){
            add_error ('Naujas slaptažodis nesutampa su pakartotu');
            return;
        }
        elseif(strlen($_POST['newPassword']) < 5){
            add_error ('Naujas slaptažodis turėtų būti bent 5 simbolių ilgio');
            return;
        }
        elseif(md5($_POST['oldPassword']) != $user['password']){
            add_error ('Neteisingai įvestas senas slaptažodis');
            return;
        }
        elseif(DB::query("UPDATE users SET password='".md5($_POST['newPassword'])."', login_hash='' WHERE id=".$user['id']) == true){
            add_success ("Slaptažodis pakeistas. Greitai būsite nukreipti į prisijungimo puslapį.");
            add_other_message("<script type=\"text/javascript\">setTimeout(\"window.location='index.php'\",5000);</script>");
        }
    }

    function newUser($user = null, $password = null, $password2 = null){
        if (!$user && isset($_POST['username'])) {
            $user = $_POST['username'];
        }
        $user_html = htmlspecialchars($user);
        if (!$password && isset($_POST['password'])) {
            $password = $_POST['password'];
        }
        $user_sql = mysql_escape_string($user);
        if (!$password2 && isset($_POST['passwordRepeated'])) {
            $password2 = $_POST['passwordRepeated'];
        }
        if($password != $password2){
            add_error ('Slaptažodis nesutampa su pakartotu');
            return;
        }
        elseif(strlen($user) < 5){
            add_error ('Naudotojo vardas turėtų būti bent 5 simbolių ilgio');
            return;
        }
        elseif(strlen($password) < 5){
            add_error ('Slaptažodis turėtų būti bent 5 simbolių ilgio');
            return;
        }
        elseif(get_user_by_username($user) != null){
            add_error ('Naudotojas vardu "'.$user_html.'" jau egzistuoja');
            return;
        }
        elseif(DB::query(sprintf(
                "INSERT INTO users (username, password) VALUES ('%s', '%s')",
                $user_sql,
                md5($password)
        )) == true){
            add_success ("Naujas naudotojas \"".$user_html."\" sukurtas");
            return true;
        }
    }
    
    if(isset ($_POST['function']) && function_exists($_POST['function'])){
        $_POST['function']();
    }
?>
